Hi
In my application I’m using com.atlassian.connect:atlassian-connect-spring-boot-core:5.1.1
Everything worked fine untill we’ve added webhook handling.
Application is registered via Application registration form.
Application is written in java with spring boot. Below is my descriptor.
Installation went fine … but when it comes to JWT token verification when we got webhook call from jira it ends up with 401 because of exception JwtInvalidClaimException.
The bsh value provided within JWT token from jira cloud is not matched with value calculated on my app by com.atlassian.connect.spring.internal.auth.RequireAuthenticationHandlerInterceptor
I’ve started digging and found that the case is that jira cloud calculate bsh based on url from “webhook” module (/credit-risk-board/issue-updated/{issue.key}) while RequireAuthenticationHandlerInterceptor does this based on full url which is "api/jira/credit-risk-board/issue-updated/{issue.key})… so this cause failure in comparison.
I cannot adjust base url as it breaks “lifecycle” as “/api/jira/installed” could not be found by lifecycle manager.
Adding “/api/jira” to url within webhook also does not work as “/api/jira” is already in “baseUrl”.
{
"key": "test-jira-integration",
"name": "test Jira Integration",
"description": "Internal Jira integration for test",
"vendor": {
"name": "test",
"url": "https://www.test.com"
},
"baseUrl": "https://portal.test.com/api/jira",
"links": {
"self": "https://portal.test.com/api/jira/atlassian-connect.json"
},
"authentication": {
"type": "jwt"
},
"lifecycle": {
"installed": "/installed",
"uninstalled": "/uninstalled"
},
"enableLicensing": false,
"scopes": [
"read",
"write",
"admin"
],
"modules": {
"webhooks": [
{
"jqlFilter": "project = CRB",
"event": "jira:issue_updated",
"url": "/credit-risk-board/issue-updated/{issue.key}",
"excludeBody": false
}
]
}
}